Configure SSL with Docker

I’ve wasted a full Sunday trying to figure out the SSL stuff with no luck. I’ve followed this Documentation.

I’ve created the certificates according to the documentation. Note, the “config” directory wasn’t there so I had to create it to match the docs.

$ pwd
/usr/share/hassio/homeassistant

$ ls -lh
total 14M
-rwxrwxr-x. 1 root root 1.3K May 17 18:33 automations.yaml
drwxr-xr-x. 2 root root   44 May 17 19:34 config
-rwxrwxr-x. 1 root root  523 May 17 22:37 configuration.yaml
-rwxrwxr-x. 1 root root  282 May  8 20:38 customize.yaml
drwxrwxr-x. 2 root root    6 May  7 22:53 deps
-rwxrwxr-x. 1 root root    0 May  7 22:53 groups.yaml
-rwxrwxr-x. 1 root root  140 May 17 22:37 home-assistant.log
-rwxrwxr-x. 1 root root  14M May 17 22:55 home-assistant_v2.db
-rwxrwxr-x. 1 root root    0 May  7 22:53 scenes.yaml
-rwxrwxr-x. 1 root root    0 May  7 22:53 scripts.yaml
-rwxrwxr-x. 1 root root  163 May 17 22:40 secrets.yaml
drwxr-xr-x. 2 root root   44 May 17 21:47 ssl
drwxrwxr-x. 2 root root    6 May  7 22:53 tts

$ ls -lh config
total 8.0K
-rw-------. 1 root root 2.1K May 17 19:28 fullchain.pem
-rw-------. 1 root root 3.2K May 17 19:28 privkey.pem

Configuration.yaml:

# Configure a default setup of Home Assistant (frontend, api, etc)
default_config:

# Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
  base_url: https://myhomeassistant.com:8123
  ssl_certificate: /config/fullchain.pem
  ssl_key: /config/privkey.pem

# Text to speech
tts:
  - platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

homeassistant:
  customize: !include customize.yaml

There are 2 problems I’m experiencing:

  1. With the current configuration settings, my hassio will start up in Safe Mode
  2. I can access http://myhomeassistant.com:8123 but not https://myhomeassistant.com:8123.

I’m not using Let’s Encrypt Add-On. I’m OK with the nagging unsecured connection just as long as it’s “https”.

Has anyone run into this issue at all? Everywhere I looked showed DuckDNS setup which I don’t have or need. I have my own that I’d like to use instead.

That’s where you’re going wrong. The ‘/config’ directory is a mapped directory in your homeassistant docker container.

The actual directory on the host machine is /usr/share/hassio/homeassistant . So if you have created a directory inside there called config, then the path to it inside the container will be /config/config/*
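
The path mapping described in the answer above can be checked from the host before restarting the container. This script is an added example, not part of the original thread; it assumes the directory passed as its first argument is the one Docker maps to /config (on this page, /usr/share/hassio/homeassistant) and that configuration.yaml uses plain, unquoted paths as shown above.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the host directory given as $1
# is the one Docker maps to /config, and that configuration.yaml uses plain,
# unquoted paths for ssl_certificate and ssl_key as shown on this page.

# container_to_host HOST_DIR CONTAINER_PATH
# Prints the host-side path; fails if the path is not under /config.
container_to_host() {
    case "$2" in
        /config/*) printf '%s/%s\n' "${1%/}" "${2#/config/}" ;;
        *) return 1 ;;
    esac
}

# check_tls_paths HOST_DIR
# Returns 0 only if both files named in configuration.yaml exist on the host.
check_tls_paths() {
    host_dir=$1
    rc=0
    for key in ssl_certificate ssl_key; do
        # First "key: value" line, with surrounding whitespace stripped.
        cpath=$(sed -n "/^[[:space:]]*$key:/{s/^[[:space:]]*$key:[[:space:]]*//;s/[[:space:]]*\$//;p;}" \
            "$host_dir/configuration.yaml" | head -n 1)
        if [ -z "$cpath" ]; then
            echo "$key: not set"; rc=1; continue
        fi
        if ! hpath=$(container_to_host "$host_dir" "$cpath"); then
            echo "$key: $cpath is not under /config"; rc=1; continue
        fi
        if [ ! -f "$hpath" ]; then
            echo "$key: $cpath -> $hpath (missing on host)"; rc=1; continue
        fi
        echo "$key: $cpath -> $hpath (found)"
        # Group/other permission bits on the private key should all be '-'.
        if [ "$key" = ssl_key ] && [ "$(ls -ld "$hpath" | cut -c5-10)" != "------" ]; then
            echo "warning: $hpath is accessible to group or other"
        fi
    done
    return "$rc"
}

# Run the check when a host directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_tls_paths "$1"
fi
```

With the layout from the first post (certificates in a config subdirectory) the check reports both files as missing on the host; after they are moved up one level it reports them as found.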

Thank you Marc! You’re spot on. Glad I included that detail. Wouldn’t have figured out that the entire /usr/share/hassio/homeassistant is the config directory.

I’ve moved the fullchain.pem and privkey.pem to /usr/share/hassio/homeassistant/, restarted docker and it worked.

$ pwd
/usr/share/hassio/homeassistant

$ ls -lh
total 22M
-rwxrwxr-x. 1 root root 1.3K May 17 18:33 automations.yaml
-rwxrwxr-x. 1 root root  519 May 20 15:34 configuration.yaml
-rwxrwxr-x. 1 root root  282 May  8 20:38 customize.yaml
drwxrwxr-x. 2 root root    6 May  7 22:53 deps
-rw-------. 1 root root 2.1K May 17 19:28 fullchain.pem
-rwxrwxr-x. 1 root root    0 May  7 22:53 groups.yaml
-rwxrwxr-x. 1 root root 2.2K May 20 15:36 home-assistant.log
-rwxrwxr-x. 1 root root  22M May 20 15:37 home-assistant_v2.db
-rw-------. 1 root root 3.2K May 17 19:28 privkey.pem
-rwxrwxr-x. 1 root root    0 May  7 22:53 scenes.yaml
-rwxrwxr-x. 1 root root    0 May  7 22:53 scripts.yaml
-rwxrwxr-x. 1 root root  163 May 17 22:40 secrets.yaml
drwxr-xr-x. 2 root root   44 May 17 21:47 ssl
drwxrwxr-x. 2 root root    6 May  7 22:53 tts

$ docker restart homeassistant

After setting up and being able to access via “https”, my Android app stopped working.

Unable to connect to Home Assistant
Unable to communicate with Home Assistant because of SSL error. Please ensure your certificate is valid.

Any idea on how to fix it?

I assume you have reconfigured the app to use the new HTTPS URL instead of just HTTP? But, assuming that …

I would say (but am not sure) the Android App is using the Android “Webview” component to render the HA website inside the app. The Webview cannot handle self-signed certs (or others that it can’t verify the root cert for).

I was able to fix the issue. The solution is written in this thread in case someone else might run into the same problem.

Works so much faster and more reliably with the app than with the web browser.